The present invention relates to security improvements for use in ticket distribution systems, and in particular for use in lottery ticket distribution systems, where the size of the data management task is very large.
In known ticket distribution systems it is often necessary for each distributed ticket to be uniquely identifiable for redemption purposes. For this reason, the ticket often comprises a unique identifier, which often relates to an identification insignia, such as a serial number, barcode or functionally similar marking. This enables the ticket to be uniquely identified during redemption.
Known solutions require maintaining a secure database comprising a record of the unique identifier for each issued ticket, which can be cross-referenced during redemption. The storage requirements for maintaining such a database are significant. For example, lottery distribution systems may regularly distribute in excess of several billion tickets per annum. In the UK alone, 6 to 9 billion lottery tickets are distributed on average each year. This requires maintaining a database comprising at the very least 6 to 9 billion unique identifier entries which can be cross-referenced. Furthermore records must be maintained for several years, especially where the ticket may be associated with a long term maturity date. This exasperates storage requirements even further. For example, if records must be maintained for at least a ten year period, then the database will need to comprise approximately 70 billion entries. This is a staggeringly large number of entries, and the ability to cross-reference the database in real-time is significantly compromised, if not rendered substantially impossible for practical purposes.
The aforementioned problems are especially pertinent in multifunction ticket distribution systems such as described in the applicant's co-pending international patent application (published as WO2009/019602), which is included herein by reference insofar as possible under the relevant national law. In such systems, the multifunction ticket represents a registered entry in both a long term event, such as a bearer bond or other form of financial instrument or receipt, and a short term event, such as a lucky-dip draw or similar prize selection process. In accordance with statutory requirements, it is necessary to provide the maturity dates for both events on the face of the multifunction ticket. For example, if the long term event matures in twenty years' time, then this long term event maturity date must be visibly provided on the face of the issued ticket. Similarly if the short term event matures in one years' time, then this short term maturity date must also be visibly provided on the face of the issued ticket. Additionally, the algorithm used to generate the unique ticket identifier often uses the maturity dates of respectively the long and short term events as at least one of the inputs. Accordingly, it is conceivable that a fraudulent user could infer the employed algorithm on the basis of some of the known inputs, using for example sniffing and/or other packet analysis techniques.
One known solution to this problem is to disassociate the content of the unique ticket identifier from the identifier itself. The unique ticket identifier, which is visible on the issued ticket, is then effectively a lookup address used by a verification database to identify the correct database entry. On being provided with some further relevant information, which will be dependent on the particular application, the correct entry in the verification database may be cross-referenced for consistency with the further provided information. However, this solution suffers from the same excessively high storage requirements as described above, and therefore is not a practically implementable solution in ticket distribution systems where ticket data for a large number of tickets must be stored for a relatively long period of time, and is especially unsuited for use in multifunction ticket distribution systems of the type previously described.
The embodiments described herein provide a solution to improve the security of ticket distribution systems, and in particular to improve the security of multifunction ticket distribution systems, which solution does not suffer from the storage requirements of the known prior art.